#!/usr/bin/python3
"""
Configure libpwquality.

The tree must already include /etc/security/pwquality.conf, and it is
modified in place. Every attempt is made to preserve the structure of
the file, though comments are completely ignored.
"""

import fileinput
import sys

import osbuild.api


SCHEMA = """
"additionalProperties": false,
"required": ["config"],
"properties": {
  "config": {
    "additionalProperties": false,
    "description": "libpwquality config options",
    "type": "object",
    "properties": {
      "minlen": {
        "description": "Minimum acceptable size for the new password (plus one if credits are not disabled which is the default).",
        "type": "integer"
      },
      "dcredit": {
        "description": "The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the new password.",
        "type": "integer"
      },
      "ucredit": {
        "description": "The maximum credit for having uppercase characters in the new password. If less than 0 it is the minimum number of uppercase characters in the new password.",
        "type": "integer"
      },
      "lcredit": {
        "description": "The maximum credit for having lowercase characters in the new password. If less than 0 it is the minimum number of lowercase characters in the new password.",
        "type": "integer"
      },
      "ocredit": {
        "description": "The maximum credit for having other characters in the new password. If less than 0 it is the minimum number of other characters in the new password.",
        "type": "integer"
      },
      "minclass": {
        "description": "The minimum number of required classes of characters for the new password (digits, uppercase, lowercase, others).",
        "type": "integer"
      }
    }
  }
}
"""


def main(tree, options):
    pwquality_conf = options.get("config", {})
    changes = pwquality_conf.copy()

    # For each of the configured options, find the first non-commented out instance
    # of the option and replace it (if necessary). If it does not already exist, append
    # the option to the end of the file.
    # Keys are case case sensitive.
    with fileinput.input(files=(f"{tree}/etc/security/pwquality.conf"), inplace=True) as f:
        for line in f:
            line_list = line.split(' = ')
            if len(line_list) == 2:
                key, current_value = line_list
                value = changes.pop(key, None)
                if value is not None and current_value != value:
                    sys.stdout.write(f"{key} = {value}\n")
                    continue
            sys.stdout.write(line)
    with open(f"{tree}/etc/security/pwquality.conf", mode="a") as f:
        for key, value in changes.items():
            f.write(f"{key} = {value}\n")

    return 0


if __name__ == '__main__':
    args = osbuild.api.arguments()
    r = main(args["tree"], args["options"])
    sys.exit(r)
